← 返回 Skills 市场
Qdrant Advanced
作者
yoder-bawt
· GitHub ↗
· v1.0.0
731
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qdrant-advanced
功能描述
Advanced Qdrant vector database operations for AI agents. Semantic search, contextual document ingestion with chunking, collection management, snapshots, and...
安全使用建议
This skill provides local shell scripts that will (a) send document text and queries to OpenAI to generate embeddings, and (b) send data to your Qdrant host. Before installing or running: 1) Be aware that any files you ingest will be transmitted to OpenAI — do not ingest sensitive or regulated data unless you have reviewed your policy and the OpenAI terms. 2) If your Qdrant is remote, note the scripts use HTTP (not HTTPS) by default; consider running Qdrant locally or modifying scripts to use HTTPS and to include an Authorization header. 3) The SKILL.md mentions QDRANT_API_KEY but the scripts do not use it — if your Qdrant requires authentication you will need to add authorization headers to curl calls. 4) There are small code issues (e.g., a typo in manage.sh optimizer call) and typical shell-quoting fragility — review and test the scripts in an isolated environment before running on production data. 5) Limit the OpenAI key's scope and monitor usage/quotas if possible (rotate or use an organization key with usage limits) to reduce blast radius.
功能分析
Type: OpenClaw Skill
Name: qdrant-advanced
Version: 1.0.0
The skill bundle contains multiple critical vulnerabilities across several shell scripts. `ingest.sh` is vulnerable to local file inclusion and Python command injection via unsanitized `$FILE_PATH`, `$CHUNK_STRATEGY`, and `$METADATA_JSON`. `search.sh` and `migrate.sh` are susceptible to JSON and Python command injection due to direct interpolation of `$QUERY` and `$FILTER_JSON` into `curl` payloads and embedded Python scripts. `manage.sh` has a shell injection vulnerability if Qdrant collection names contain malicious characters. `backup.sh` allows arbitrary file writes via an unsanitized `$OUTPUT_PATH`. These flaws could enable an attacker to achieve arbitrary code execution or file system manipulation, classifying the bundle as suspicious due to these high-risk vulnerabilities.
能力评估
Purpose & Capability
Name/description match the delivered artifacts: the repository includes search, ingest, manage, backup, and migrate scripts that call Qdrant and generate embeddings with OpenAI. Required binaries (curl, python3, bash) and an OpenAI API key are appropriate for these tasks.
Instruction Scope
The scripts will transmit user content and query text to OpenAI's embeddings API (https://api.openai.com/v1/embeddings) — this is expected for embedding generation but is effectively external data transmission. Qdrant calls use plain HTTP (QDRANT_URL="http://..."), so if you point the scripts to a remote Qdrant host traffic (including payloads) may be unencrypted. The SKILL.md and examples instruct you to export OPENAI_API_KEY and run the scripts, which is consistent with their behaviour.
Install Mechanism
No install spec; the skill is instruction+script based and does not download or extract external code at install time. The payload is a set of local shell/python scripts (no remote installs), which reduces supply-chain risk.
Credentials
OPENAI_API_KEY is required and used for embeddings (consistent with ingest/search/re-embedding). QDRANT_HOST and QDRANT_PORT are used and sensible. SKILL.md mentions an optional QDRANT_API_KEY but none of the scripts actually read or use QDRANT_API_KEY for Authorization — a mismatch you should be aware of (if your Qdrant requires auth the scripts will fail or leak data). The skill declares QDRANT_HOST/QDRANT_PORT/OPENAI_API_KEY as required in metadata even though the docs show defaults for host/port; this is a minor inconsistency.
Persistence & Privilege
always is false and the skill does not attempt to modify other skill configs or persist itself. It performs normal CRUD operations against the Qdrant server and local uploads; no privileged or persistent platform-level operations are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qdrant-advanced - 安装完成后,直接呼叫该 Skill 的名称或使用
/qdrant-advanced触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of qdrant-advanced: a comprehensive toolkit for advanced Qdrant operations.
- Semantic search across multiple collections with flexible filters and thresholds.
- Intelligent document ingestion using customizable chunking strategies.
- Scripts for end-to-end collection management: create, list, info, optimize, and delete.
- Integrated snapshot tools for backup and restore.
- Migration utilities supporting collection copy, model upgrades, and filtered migrations.
- Production-ready Bash & Python scripts designed for real-world AI agent workflows.
元数据
常见问题
Qdrant Advanced 是什么?
Advanced Qdrant vector database operations for AI agents. Semantic search, contextual document ingestion with chunking, collection management, snapshots, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 731 次。
如何安装 Qdrant Advanced?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qdrant-advanced」即可一键安装,无需额外配置。
Qdrant Advanced 是免费的吗?
是的,Qdrant Advanced 完全免费(开源免费),可自由下载、安装和使用。
Qdrant Advanced 支持哪些平台?
Qdrant Advanced 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qdrant Advanced?
由 yoder-bawt(@yoder-bawt)开发并维护,当前版本 v1.0.0。
推荐 Skills